For Open-Source Software, the Developers Are All of Us

"We are stronger together than on our own." This is a core principle
that many people adhere to in their daily lives. Whether we are
overcoming adversity, fighting the powers that be, protecting our
livelihoods or advancing our business strategy, this mantra propels
people and ideas to success.

In the world of cybersecurity, the message of the decade is
"you're not safe." Your business secrets, your personal information,
your money and your livelihood are at stake. And the worst part of it
is, you're on your own. Every business is beholden to hundreds of
companies handling its information and security. You enter
information into your Google Chrome browser, on a website running
Microsoft Internet Information Server, and the website is verified
through Comodo certificate verification. Your data is transmitted
through Cisco firewalls and routed by Juniper routers. It passes
through an Intel-branded network card on your Dell server and through
a SuperMicro motherboard. Then the data is transmitted through the
motherboard's serial bus to the SandForce chip that controls your Solid
State Disk and is then written to Micron flash memory, in an Oracle
MySQL database.

You are reliant on every single one of those steps being secure,
in a world where the trillion-dollar problem is getting computers to
do exactly what they are supposed to do. All of these systems have flaws.
Every step has problems and challenges. And if something goes wrong,
there is no liability. The lost data damages your company, your
livelihood, you.

This problem goes back decades and has multiple root causes
that culminate in the mess we have today. Hardware and software makers
lack liability for flaws, which leads to sub-par rigor in verifying
that systems are hardened against known vulnerabilities. A rise in
advertising revenue from "big data" encourages firms to hoard
information, looking for the right time to cash out their users'
information. Privacy violations go largely unpunished in courts, and
firms regularly get away with enormous data breaches without paying
any real price other than pride.

But it doesn't have to be this way. Open software development has
been a resounding success for businesses, in the form of Linux, BSD
and the hundreds of interconnected projects for their platforms. These
open platforms now account for the lion's share of the server market,
and businesses are increasingly looking to open software for their
client infrastructure as well, as a low-cost and high-security
alternative to Windows and OS X.

The main pitfall of this type of development is the lack of a profit
motive for the developers. If your software is developed in the open,
everyone around the world can find and fix your bugs, but they can
also adopt and use your coding techniques and features. It removes the
"walled garden" that so many software companies currently enjoy. So we
as a society trade this off. We use closed software and trust that all
of these companies are not making mistakes. This naiveté costs the US
around $16 billion per year from identity theft alone.

So how do we fix this problem? We organize and support open software
development. We make sure that important free and open security
projects have the resources they need to flourish and succeed. We get
our development staff involved in open-source projects so that they
can contribute their expertise and feedback to these pillars of secure
computing.

But open software is complex. How do you know which projects to
support? How can you make this software easier to use? How can you
verify that it is actually as secure as possible?

This is where we come in. We have founded the Open Source Technology
Improvement Fund, a 501(c)3 nonprofit whose only job is to fund
security research and development for open-source software. We vet
projects for viability, find out what they need to improve and get
them the resources to get there. We then verify that their software is
safe and secure with independent teams of software auditors, and work
with the teams continuously to secure their projects against the
latest threats.

The last crucial piece of this project is you—the person reading
this. This entire operation is supported by hundreds of individuals
and more than 60 businesses who donate, sit on our advisory council and
participate in the open software movement. The more people and
businesses that join our coalition, the faster we can progress and fix
these problems. Get involved. We can do better.

Derek is a privacy activist, hacker and mathematician. He started his first business in 2000, selling hand-designed PCs to gamers, engineers, and businesses. In 2012 Derek helped found VikingVPN, a VPN service focused on speed, security, and privacy in response to the increasing problems with surveillance on the internet by marketing entities. The May 2013 disclosures by Edward Snowden motivated him to work in the privacy and infosec sector full-time, and to focus his work on countermeasures against advanced persistent threats like governments.

He has personally funded the entirety of the startup costs for OSTIF. He truly believes that the only real response to the death march of surveillance is technological in nature, not political. The ultimate goal of the OSTIF is to liberate the citizens of the world from the oppression of information.

In his free time, Derek enjoys nature, relaxing on a nice patio, reading, dining at new restaurants, travel, art, music, movies, theater and all forms of digital entertainment.